URGENT - Allow full passwords rather than 4 digit pin for account login

I had to reinstall the app over the last week and noticed that all that is required to sign in to a Tymit account is your phone number and a 4-digit PIN, and you have full access to the card info.

These are things that friends may know if, for example, you ask someone to use your phone and give them your phone PIN, as a lot of people may use the same PIN in the app as for their phone.

Or could be observed over the shoulder fairly easily, or even, in a worst-case scenario, brute forced.

I was very surprised to notice that there wasn't even a verification text message when logging in to an account, and so I think as a matter of urgency there should be an option (though this should probably be forced) to enter a secure password (12+ chars, letters/numbers/…) to log in to an account!

I do agree that on initial login there needs to be a bit more security. Not sure about a 12 char password that you only use once, but just a text to that mobile number with a code or something would be better.

Certainly not! Four digits is quite sufficient, thank you. By this I am also assuming that the phone is locked with fingerprint or face recognition.

@Tymitlike It doesn’t matter about the lock or any security on your device.

If anyone knows your four digit PIN for the app and your mobile number, they can log into the Tymit app on a new device, and you’d never know. They’d have full access. At minimum, the app should text your number a code to use on the new device I think.


This, my issue isn't with opening the app, but with logging in, which as @chistery says can be done without your knowledge.

Not true. Only works on one device at a time - I tried it!

Security yes, but please don’t overcomplicate it unnecessarily!

I’ve currently got Tymit running on two Android phones and an iOS device.

On another post a user has a new phone and cannot get in to Tymit as SMS is going to the old number.

I just took the SIM out of my phone and was perfectly able to log in to Tymit after wiping its data.

I’ve just switched phones. Just needed the pin. Nothing else. Very insecure!